Since you are using the official repos thats not an issue. The issue is when the package creator is some rando on the internet.
Since you are using the official repos thats not an issue. The issue is when the package creator is some rando on the internet.